UTF-8 characters in the password might be the problem.  Are you using Java
7 or 8?

Looking at the Java spec, it expects ISO-8859-1 encoding on the file if you
are using Java 7:
http://docs.oracle.com/javase/7/docs/api/java/util/Properties.html#load(java.io.InputStream)

Java 8 looks like it uses UTF-8 by default now:
http://docs.oracle.com/javase/8/docs/api/java/util/Properties.html

Someone else who is more familiar with the code base can tell me if I'm
wrong here.

Patrick+



On Wed, Oct 12, 2016 at 10:54 AM, Stephane KERAIN <stephane.ker...@infodb.fr
> wrote:

> First, thank you for your help. :)
>
>
> I tried your test (I already do it) and it success: I'm able to read user
> info from AD. The password contains UTF-8 characters, do you think it would
> be an encoding issue ?
>
>
> [image: Stéphane KERAIN [Cliquez-ici pour en savoir plus...]]
> <http://sign-up.solutions/stephane-kerain/>
> ------------------------------
> *De :* Patrick Gardella <patrick.garde...@asburyseminary.edu>
> *Envoyé :* mercredi 12 octobre 2016 16:20:44
> *À :* Stephane KERAIN
> *Objet :* Re: [cas-user] CAS 4.2.5 - AD authentication failed
>
> If I'm reading your log correctly (I'm fairly new to this myself), I see
> that AD is returning an error code 52e near the end of your log snippet:
>  [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C8, comment:
> AcceptSecurityContext error, data 52e, v2580^@]
>
> Looking up that error code points to "invalid credentials".  (See
> http://www-01.ibm.com/support/docview.wss?uid=swg21290631 for details)
> Since it is not returnning a "data 525" error, that means that it
> recognizes the user, but you have the wrong password.
>
> If you are running this on a Linux system, you can install the ldap-utils
> package
>
> sudo apt-get install libnss-ldap ldap-utils
>
> and then run a query from the command line, to make sure you have things
> setup properly.  Using your variables, the command would be:
>
> ldapsearch -T -x -H ldap://my-ldap-server.my-domain:389 -b 
> 'DC=my-domain,DC=global-domain' -w 'manager-password' -D 
> 'my-manager@my-domain.global-domain' -Z sAMAccountName='some username here 
> that exists in your AD'
>
>
> Patrick+
>
> On Wed, Oct 12, 2016 at 9:31 AM, KERAIN Stéphane <
> stephane.ker...@infodb.fr> wrote:
>
>> Hi,
>>
>> I'm trying to configure my CAS server for AD authentication. I've read
>> the documentation several times and do multiple try but nothing to do, AD
>> authentication failed.
>>
>> Need some help, please. :)
>>
>> Best regards, Stépĥane.
>>
>> ---
>> cas.properties:
>>
>> server.name=https://my-cas-server:8028
>> server.prefix=${server.name}/cas
>>
>> host.name=my-cas-server.my-domain
>>
>> webflow.encryption.key=jVOzaqhPXOgMbakc
>> webflow.signing.key=QIsan9FM86T-1W8QZaDmD8N3VzZC9P2YrWqxNWMN
>> -qLFujSt0EShBZdzVtC5ttTRTGMB6pyWzIA3zI2VDk4yrg
>>
>> accept.authn.users=casuser::Mellon
>>
>> ldap.url=ldap://my-ldap-server.my-domain:389
>> ldap.useStartTLS=false
>> ldap.rootDn=dc=my-domain,dc=global-domain
>> #ldap.baseDn=OU=USERS,OU=MY-OU,DC=my-domain,DC=global-domain
>> ldap.baseDn=DC=my-domain,DC=global-domain
>> ldap.connectTimeout=3000
>> #ldap.managerDn=CN=my-manager,OU=DOMAINE,OU=ADMINISTRATEUR,O
>> U=USERS,OU=MY-OU,DC=my-domain,DC=global-domain
>> ldap.managerDn=my-manager@my-domain.global-domain
>> ldap.managerPassword=manager-password
>> ldap.pool.minSize=1
>> ldap.pool.maxSize=10
>> ldap.pool.validateOnCheckout=false
>> ldap.pool.validatePeriodically=true
>> ldap.pool.blockWaitTime=3000
>> ldap.pool.validatePeriod=300
>> ldap.pool.prunePeriod=300
>> ldap.pool.idleTime=600
>> ldap.authn.searchFilter=cn={user}
>> ldap.domain=my-domain.global-domain
>> ldap.usePpolicy=false
>> ldap.allowMultipleDns=false
>>
>> ---
>>
>> catalina.out:
>>
>> 2016-10-12 14:54:33,364 DEBUG [org.ldaptive.BindOperation] - <execute
>> request=[org.ldaptive.BindRequest@237353622::bindDn=my-user@my.domain,
>> saslConfig=null, controls=null, referralHandler=null,
>> intermediateResponseHandlers=null] with connection=[org.ldaptive.Defau
>> ltConnectionFactory$DefaultConnection@896428015::config=[
>> org.ldaptive.ConnectionConfig@1457929333::ldapUrl=ldap://my-server.mydomain:389,
>> connectTimeout=3000, responseTimeout=-1, sslConfig=null, useSSL=false,
>> useStartTLS=false, connectionInitializer=[org.lda
>> ptive.BindConnectionInitializer@1737965895::bindDn=my-user@my.domain,
>> bindSaslConfig=null, bindControls=null]], providerConnectionFactory=[org
>> .ldaptive.provider.jndi.JndiConnectionFactory@1727525661::
>> metadata=[ldapUrl=ldap://my-server.mydomain:389, count=1],
>> environment={com.sun.jndi.ldap.connect.timeout=3000,
>> java.naming.ldap.version=3, java.naming.factory.initial=co
>> m.sun.jndi.ldap.LdapCtxFactory}, providerConfig=[org.ldaptive.p
>> rovider.jndi.JndiProviderConfig@135425996::operationExceptionResultCodes=[PROTOCOL_ERROR,
>> SERVER_DOWN], properties={}, connectionStrategy=org.ldaptiv
>> e.provider.DefaultConnectionStrategy@10afcf37,
>> controlProcessor=org.ldaptive.provider.ControlProcessor@3ae04798,
>> environment=null, tracePackets=null, removeDnUrls=true,
>> searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED,
>> PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null]],
>> providerConnection=org.ldaptive.provider.jndi.JndiConnection@6579518f]>
>> 2016-10-12 14:54:33,374 ERROR [org.ldaptive.pool.BlockingConnectionPool]
>> - <[org.ldaptive.pool.BlockingConnectionPool@923455700::name=bind-pool,
>> poolConfig=[org.ldaptive.pool.PoolConfig@259215693::minPoolSize=1,
>> maxPoolSize=10, validateOnCheckIn=false, validateOnCheckOut=false,
>> validatePeriodically=true, validatePeriod=300], activator=null,
>> passivator=null, validator=[org.ldaptive.pool.SearchValidator@1357400872
>> ::searchRequest=[org.ldaptive.SearchRequest@1061773616::baseDn=,
>> searchFilter=[org.ldaptive.SearchFilter@1642584434::filter=(objectClass=*),
>> parameters={}], returnAttributes=[1.1], searchScope=OBJECT, timeLimit=0,
>> sizeLimit=1, derefAliases=null, typesOnly=false, binaryAttributes=null,
>> sortBehavior=UNORDERED, searchEntryHandlers=null,
>> searchReferenceHandlers=null, controls=null, referralHandler=null,
>> intermediateResponseHandlers=null]] pruneStrategy=[org.ldaptive.po
>> ol.IdlePruneStrategy@1429310040::prunePeriod=300, idleTime=600],
>> connectOnCreate=true, connectionFactory=[org.ldaptiv
>> e.DefaultConnectionFactory@306776633::provider=org.ldaptive.
>> provider.jndi.JndiProvider@15221fc1, config=[org.ldaptive.Connectio
>> nConfig@1457929333::ldapUrl=ldap://my-server.mydomain:389,
>> connectTimeout=3000, responseTimeout=-1, sslConfig=null, useSSL=false,
>> useStartTLS=false, connectionInitializer=[org.lda
>> ptive.BindConnectionInitializer@1737965895::bindDn=my-user@my.domain,
>> bindSaslConfig=null, bindControls=null]]], initialized=false,
>> availableCount=0, activeCount=0] unable to connect to the ldap>
>> org.ldaptive.LdapException: javax.naming.AuthenticationException: [LDAP:
>> error code 49 - 80090308: LdapErr: DSID-0C0903C8, comment:
>> AcceptSecurityContext error, data 52e, v2580^@]
>>         at 
>> org.ldaptive.provider.ProviderUtils.throwOperationException(ProviderUtils.java:55)
>> ~[ldaptive-1.1.0.jar:?]
>>         at 
>> org.ldaptive.provider.jndi.JndiConnection.processNamingException(JndiConnection.java:619)
>> ~[ldaptive-1.1.0.jar:?]
>> ...
>>
>> --
>> CAS gitter chatroom: https://gitter.im/apereo/cas
>> CAS mailing list guidelines: https://apereo.github.io/cas/M
>> ailing-Lists.html
>> CAS documentation website: https://apereo.github.io/cas
>> CAS project website: https://github.com/apereo/cas
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to cas-user+unsubscr...@apereo.org.
>> To post to this group, send email to cas-user@apereo.org.
>> Visit this group at https://groups.google.com/a/ap
>> ereo.org/group/cas-user/.
>> To view this discussion on the web visit https://groups.google.com/a/ap
>> ereo.org/d/msgid/cas-user/9a216dce-5929-4532-9b87-8de0164272
>> 87%40apereo.org
>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/9a216dce-5929-4532-9b87-8de016427287%40apereo.org?utm_medium=email&utm_source=footer>
>> .
>> For more options, visit https://groups.google.com/a/apereo.org/d/optout.
>>
>
>

-- 
CAS gitter chatroom: https://gitter.im/apereo/cas
CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
CAS documentation website: https://apereo.github.io/cas
CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To post to this group, send email to cas-user@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAO6jAwvuHTGdOAoPHFfsO1Q4bOVOzSeTBOmp%2BSDndPfAYz2z2g%40mail.gmail.com.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.

Reply via email to